The campaigns page is an overview of all campaigns.
Click on a campaign name to open a page with more information.
The campaign page holds statistics, event timeline, information and actions available for the campaign and its recipients.
The cards at the top of a campaign page show quick statistics for the campaign.
You can click on a statistic on a card to see it compared with other cards.
Field | Description |
---|---|
Recipients | The total number of recipients that will receive the campaign. |
Emails sent | E-mails delivered until now. |
Emails read | Unique email tracking pixels loaded. |
Web site visits | Unique recipient phishing page URLs visited. |
The campaign timeline is an interactive visualization of the events of a campaign.
Double click or scroll to zoom in.
Hover over an event to see details about it.
Click 12h or 24h to switch between 12 and 24 hour time format.
Click Reset View to zoom out to the entire campaign timeline.
The details section gives you a quick overview of all the campaign details and the actions available at campaign level.
Click the Template for a visualization of and information about the template used in the campaign.
To manage a campaign, use the campaign actions:
Action | Description |
---|---|
Close campaign | Will set campaign to completed and cancel undelivered e-mails. |
Anonymize campaign | Will close and anonymize the campaign. This will keep all statistics, but events can no longer be collated to a recipient. |
Export campaign events | Downloads a CSV with campaign events. |
The campaign recipients table gives an overview of the recipients of a campaign.
The Status column shows the most notable event for the campaign recipient.
Use the campaign recipient Actions to manually handle delivery or see all events for the specific campaign.
Action | Description |
---|---|
Copy Email | Copy the email contents as HTML. This is useful for custom delivery. |
View Email | See the email contents. If the email contains a tracking code it will be triggered. This is useful for getting a rich copy for pasting into third-party email systems. |
Copy lure URL | Copies the URL to the first phishing page. |
Events | See the campaign recipients event timeline. |
Click on a recipient to view the timeline for the recipient:
A campaign is a single phishing operation.
Prerequisites for creating a campaign are a complete template and at least one recipient group.
Start creating a new campaign by clicking New campaign on the campaigns page.
Field | Description |
---|---|
Name | The name of the campaign. |
Template | The template to use for the campaign. |
Type | A test campaign does not count toward statistics and is labeled with a test label. |
Set the recipient groups that should be included in the campaign.
The number beside each group represents the number of recipients in that group.
Each unique recipient is only included once, even if they are in multiple groups.
Set up how the campaign's delivery is done by selecting a Delivery Method.
A Time Box schedule evenly distributes sending between the selected Delivery start and Delivery end.
Field | Description |
---|---|
Delivery start | The delivery start date and time of the campaign. |
Delivery end | The delivery end date and time of the campaign. |
Delivery sort by | Sort the sending order by a recipient column such as department. |
Delivery sort by | Set the sort order of the selected Delivery sort by. |
Delivery sort order | Set the sort order of the selected Delivery sort order. |
Close campaign | When to automatically close the campaign and set it to completed. When a campaign is completed, recipients can no longer interact with it. |
Anonymize data | Closes the campaign and anonymizes all data related to it. Anonymization will not delete campaign statistics, but it will no longer be possible to collate an event to a recipient. |
Use the Daily Slots delivery method to select specific week days and delivery hours.
For example, Monday to Friday between 08:00 (8am) and 16:00 (4pm).
Field | Description |
---|---|
Delivery start and end | The start and end date of the campaign. |
Delivery by | Sort the sending order by a recipient column such as department. |
Delivery order | Set the sort order of the selected Delivery sort by. |
Delivery days | The week days to restrict delivery to. |
Delivery hours | The hours of the day to deliver within. |
Close campaign | When to automatically close the campaign and set it to completed. When a campaign is completed, recipients can no longer interact with it. |
Anonymize data | Closes the campaign and anonymizes all data related to it. Anonymization will not delete campaign statistics, but it will no longer be possible to collate an event to a recipient. |
In a Self Managed campaign, no delivery start and end are set for the campaign.
Instead, the campaign manager can copy e-mail contents or landing page URLs and deliver them to the recipients themselves; this could be by snail mail or via a third-party system.
Field | Description |
---|---|
Close campaign | When to automatically close the campaign and set it to completed. When a campaign is completed, recipients can no longer interact with it. |
Anonymize data | Closes the campaign and anonymizes all data related to it. Anonymization will not delete campaign statistics, but it will no longer be possible to collate an event to a recipient. |
Set extra options for the campaign.
Field | Description | Only in Red Team edition |
---|---|---|
Save submitted data | Should the data entered by the recipients on the phishing page be stored? | YES |
IP filtering | Should the phishing pages be filtered by IP allow or deny listing? | YES |
Web hook | Use a webhook to send campaign events. | NO |
Finally, review the campaign before creating it. If everything looks good, click Create.
A template is a reusable collection of a domain, an SMTP sender or API sender, an email and landing pages.
The templates overview contains all available templates.
Column | Description |
---|---|
Name | Name of the template. |
Domain | The domain used for phishing pages. |
SMTP | The SMTP sender used for delivery. |
API Sender | The API sender used for delivery. |
Email | The emails that are used for delivery. |
Before landing page | The phishing page shown before the landing page. |
Landing page | The main phishing page. |
After landing page | The phishing page shown after the landing page. |
Is complete | If a template is incomplete, it cannot be used. This could be because a required part of the template has been deleted. |
Prerequisites for creating a template are:
Click New Template on the templates page to begin.
Input | Description |
---|---|
Name | The name of the template. |
Filter type | Choose if the delivery is done via SMTP or API sender. |

Input | Description |
---|---|
SMTP Configuration | The SMTP configuration used for email delivery. |
API Sender | The API Sender used for email delivery. |
Email | The email used in the template. |

Input | Description |
---|---|
Domain | Pick the domain you want the landing pages to be displayed on. |
URL Path | Add a path to the domain where the landing pages are. This is useful for adding more context to a URL and making it more credible. |
Query param key | Is used in the phishing URLs so the system knows which recipient is visiting the page. Changing it can help make the URLs more credible. |
State session key | When multiple landing pages are used, this query param is used to track which page is the next to load. |
The page flow is the funnel that the recipient goes through after clicking the lure link in the email.
The page flow can consist of one or multiple pages.
Input | Description |
---|---|
Before Landing Page | The phishing page to show before the landing page. This is most often used to engage the user before the main phishing is performed or to filter out unwanted traffic. |
Landing Page | The main phishing page. |
After Landing Page | The phishing page to show after the main landing page. This is also called an offboarding page and is used to inform the user that they have been phished or to distract them from the fact. |
POST redirect URL | When the last phishing page contains a form with a POST action, the recipient will be redirected to this URL. This mimics the classic behavior from Gophish where a single phishing page with a POST redirect was used. |
IP filters (Red Team edition) help ensure that the right recipients can access a phishing page. They are selected when setting up a new campaign. A Deny page can also be configured to show different content to a visitor that is not allowed.
Lists can be added when configuring a new campaign, in the Schedule - Miscellaneous section.
Column | Description |
---|---|
Name | Name of the IP filter. |
Load content from file | Import a CIDR list from a file. |
Filter Type | Use the CIDR list as an Allow or Deny list. |
CIDRs | The list of CIDR ranges that are included in the list. A single IP is automatically converted to /32. |
Webhooks are used to communicate campaign events to third-party APIs.
A Webhook call is fired when a campaign event is triggered.
This can be useful for functionality such as notifications.
```
Accept-Encoding: gzip
User-Agent: Go-http-client
Content-Length: 142
Content-Type: application/json
X-Signature: 3ec2d0d777495b4410331a8e22de309e393761ed2e16f4271577e812ffaf26e3

{
  "time":"2025-03-30T12:13:00.026471259Z",
  "campaignName":"Example",
  "email":"[email protected]",
  "event":"campaign_recipient_message_sent"
}
```
A webhook is fired for the following events.
Name | Description |
---|---|
campaign_recipient_message_sent | A message has been sent to a recipient. |
campaign_recipient_message_read | The tracking pixel inside an email has been loaded. |
campaign_recipient_before_page_visited | The phishing page before the main page has been visited. |
campaign_recipient_page_visited | The main phishing page has been visited. |
campaign_recipient_after_page_visited | The phishing page after the main page has been visited. |
campaign_recipient_submitted_data | Recipient has submitted data. |
The webhooks have an optional signature method that can be used to verify that the webhook was sent by Phishing Club.
When creating a webhook, a field named Secret can be used to add a header with the key X-Signature to the webhook request.
The X-Signature contains the body of the request signed with HMAC256.
The following Go code is an example of verifying the X-Signature.
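```go
import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"io"
	"log"
	"net/http"
)

func webhookHandler(w http.ResponseWriter, req *http.Request) {
	// Read the raw body; the HMAC is calculated over these exact bytes
	bodyBytes, err := io.ReadAll(req.Body)
	if err != nil {
		log.Println("failed to read body for HMAC calculation:", err)
		http.Error(w, "failed to read body", http.StatusInternalServerError)
		return
	}
	h := hmac.New(sha256.New, []byte("SECRET_KEY_HERE"))
	h.Write(bodyBytes)
	calculatedHMAC := hex.EncodeToString(h.Sum(nil))
	// Get the signature from the header
	signature := req.Header.Get("x-signature")
	// Compare in constant time so the check does not leak how many characters matched
	if !hmac.Equal([]byte(calculatedHMAC), []byte(signature)) {
		http.Error(w, "invalid HMAC signature", http.StatusForbidden)
		return
	}
}
```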
If no secret is used, the X-Signature value will be UNSIGNED.
Column | Description |
---|---|
Name | Name of the webhook. |
URL | The URL to call the webhook on. |
Secret | Secret used to HMAC256 sign the request. |
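
A fuller receiver-side check for the signature scheme described above, as an added example (not Phishing Club's own code): it refuses an UNSIGNED request when the receiver has a secret configured, compares in constant time, and only then decodes the body and checks the event name against the documented list. The names `VerifyAndParse` and `Sign`, the secret and the sample body are assumptions made for this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

type Event struct{ Time, CampaignName, Email, Event string } // JSON keys match case-insensitively

// knownEvents holds the event names from the webhook event table above.
var knownEvents = map[string]bool{
	"campaign_recipient_message_sent": true, "campaign_recipient_message_read": true,
	"campaign_recipient_before_page_visited": true, "campaign_recipient_page_visited": true,
	"campaign_recipient_after_page_visited": true, "campaign_recipient_submitted_data": true,
}

var ErrUnsigned = errors.New("X-Signature is UNSIGNED but a secret is configured")
var ErrBadSignature = errors.New("X-Signature does not match the request body")

// Sign returns the hex-encoded HMAC-SHA256 of body; used here to build sample input.
func Sign(secret, body []byte) string {
	m := hmac.New(sha256.New, secret)
	m.Write(body)
	return hex.EncodeToString(m.Sum(nil))
}

// VerifyAndParse (hypothetical helper) authenticates the raw body before decoding it.
func VerifyAndParse(secret, body []byte, signature string) (ev Event, err error) {
	switch {
	case signature == "UNSIGNED": // sender has no secret set; never accept it as valid
		return ev, ErrUnsigned
	case !hmac.Equal([]byte(Sign(secret, body)), []byte(signature)): // constant-time compare
		return ev, ErrBadSignature
	}
	if err = json.Unmarshal(body, &ev); err == nil && !knownEvents[ev.Event] {
		err = fmt.Errorf("unknown event %q", ev.Event)
	}
	return ev, err
}

func main() {
	secret := []byte("example-secret") // constructed sample secret and body
	body := []byte(`{"time":"2025-03-30T12:13:00Z","campaignName":"Example","email":"alice@example.test","event":"campaign_recipient_message_read"}`)
	fmt.Println(VerifyAndParse(secret, body, Sign(secret, body)))
}
```

Pass the bytes exactly as received to `VerifyAndParse`; re-serializing the JSON before verification changes the bytes and the signature will no longer match.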